Azure P2 Premium password reset writeback to on-prem joined AD Laptop

Question

Ive activated the trial of P2 Premium service. Im now resetting password from outside the corporate network using Azure Self Service password reset which works fine, however, Im wondering if their is a way to update the machine password directly without having to get my machine connected to the corp VPN. With Covid, almost all staff are now working from home so they dont connect to the corporate vpn very much at all as we have no systems in their that are required. Can i instead get peoples PC's to get onto the o365 azure domain instead so both the cached password in the PC and the user password are both updated together. If i have to get users connecting their PC's to the corp VPN to get the local cached password for the user updated it seems little point in having Azure P2 Premium at all. Is there any other way of doing this?
Thanks in advance.

Answer 1

This is a limitation of the service. From the SSPR documentation:

Password reset is not currently supported from a Remote Desktop or from Hyper-V enhanced sessions and Hybrid Azure AD joined machines must have network connectivity line of sight to a domain controller to use the new password and update cached credentials. This means that devices must either be on the organization's internal network or on a VPN with network access to an on-premises domain controller.

That said, if you have hybrid joined computers then Windows Hello for Business password reset is possible when off site without a VPN, if you have set it up fully. https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-identity-verification